In a March 19 letter to Ridge, Lieberman, ranking Democrat on the Governmental Affairs Committee, said the administration has been running in place and is no closer to implementing the National Strategy to Secure Cyberspace than it was last year.

The Homeland Security Department, formed one year ago, has been given responsibility for implementing the strategy. Lieberman complained that little has been done to turn the strategy's 'vague generalities' into concrete programs. In a lengthy list of questions, he asked for updates on DHS efforts to prioritize key infrastructures, develop plans to improve security and to create effective partnerships with the private sector.

DHS has not yet responded to the request.

The department convened a National Cybersecurity Summit with IT industry leaders in December. A number of industry-led task forces were formed to produce plans for implementing the strategy. The first two plans, outlining efforts to improve public awareness and establish early warning systems, were released last week. Three more reports are due to be released over the next few weeks.

Lieberman called the efforts too little, too late, saying they lacked concrete plans and ignored large portions of the nation's critical infrastructure. He questioned DHS' level of engagement in the process.

The letter requests detailed explanations of:

Efforts to secure the Internet and develop security contingency plans, along with a timetable and deadlines for the process and metrics to measure achievement

Efforts to secure digital control systems, along with timetables, deadlines and metrics

Efforts to remediate software vulnerabilities in existing systems and improve the quality of software development

The purpose of the U.S. CERT and its relationship with the ongoing CERT Coordination Center at Carnegie Mellon University

DHS efforts to address privacy concerns that have slowed cooperation of the private sector in sharing vulnerabilities

The status of the Cyber Warning and Information Network and its relationship to the Early Warning Alert Network proposed last week by the National Cyber Security Partnership